
I maintain an open-source application project, which I committed to a public GitHub repository. The source code I wrote is open-source (under the MIT license) and owned by me; however, it depends on a third-party library whose source code is proprietary to the company that provides it.

Of course I bought a copy of this library; however, for practical reasons I want to create a private GitHub repository, to which I intend to commit this proprietary source code and link it as a sub-module in my public application project.

I performed a test to check whether a private sub-module created this way can be accessed by anyone from my public application project, and it seems it cannot, although the sub-module appears as a link, which is exactly what I wanted: access to this sub-module for me exclusively, and no access for anyone who just wants to get my source code.

However, is such a practice legal? I.e., can I commit the proprietary source code of another company to a private repository I own, if this repository cannot be accessed by anyone other than me?

  • Did you read the license associated with the proprietary library? 95% of the answer is contained there.
    – user6726
    Commented Jul 11, 2020 at 1:24
  • I read the license, but this point is unclear to me (I'm a developer, not a jurist). The disclaimer says the following: "Licensee agrees to maintain in confidence the source code version of the Licensed Software by using at least the same physical and other security measures as Licensee uses for its own confidential technical information and documentation, but in no case less than reasonable measures". As the source code was originally distributed on a CD, I think that committing it to a private repository shouldn't violate the confidentiality clause, right? Commented Jul 15, 2020 at 12:19

1 Answer

Per the comment, the applicable license term seems to be

Licensee agrees to maintain in confidence the source code version of the Licensed Software by using at least the same physical and other security measures as Licensee uses for its own confidential technical information and documentation, but in no case less than reasonable measures.

So if your own code is on a physically unconnected, thumbprint-secured blah blah blah computer deep in a mountain, with files encrypted, so must theirs be. If yours is stored in "the cloud" with decent password protection, theirs must be as well. This seems to describe your GitHub use (I don't have any knowledge of the degree of hackability of private GitHub repositories). The legal judgment as to whether this is "reasonably secure" is based on whether a prudent person would know that it is practical to gain unauthorized access. Protecting a file with the password "password" would probably be found to be unreasonably insecure.
